Introduction

Everyone working for Active Northumberland service has a legal duty to keep and process information about you in accordance with the law. This document explains why we ask for your personal information, how that information will be used and how you can access your records. We are committed to protecting and respecting your privacy. We are registered as a ‘data controller’ under the Data Protection Act 2018 (registration no.ZA071118).

Why is information recorded about me?

We use information about Active Northumberland users to enable us to provide you with a service.  We keep records about Active Northumberland users. These may be written down (manual records), or kept on a computer (electronic records).
These records may include:

• basic details about you, for example, name, address, date of birth,
• unique identifier e.g. membership reference number  
• financial information e.g. bank account number, sort code. 
• contact we have had with you, for example, appointments & letters of correspondence,
• notes and reports about your relevant circumstances,
• details and records about the service you have received,
• relevant information from other people that we have been in contact with in relation to the service that you have received,

We also process sensitive classes of information that may include:

• health details including medical details

Telephone calls

Ordinarily we will inform you if we record or monitor any telephone calls you make to us. This will be used to increase your security, for our record keeping of the transaction, investigation of complaints and for our staff training purposes.

Emails

If you email us we may keep a record of your contact, your email address and the content of the email for our record keeping. However, this information will not be kept longer than necessary and in line with our data retention policies.

What is the information used for?

Your records are used to help ensure that we provide you with the service that you need. 
Information which you provide us with will be kept securely and will only be used for the purposes stated when the information is collected. For example:

●     to progress the service you requested 
●     to allow us to be able to communicate and provide services and benefits appropriate to your needs 
●     to ensure that we meet our legal or contractual obligations 
●     for law enforcement functions 
●     to detect and prevent fraud or crime 
●     to process financial transactions 
●     where necessary, to protect individuals from harm or injury; and 
●     to allow the statistical analysis of data so we can plan the provision of services.

It is important that your records are accurate and up-to-date as they will help make sure that our staff are able to provide you with the help, advice or support you need.
If you do not provide us with this information then we will not be able to communicate accurately and efficiently with you, for example if a booking is cancelled or changed.

Occasions when your information needs to be disclosed (shared) include:

• where the health and safety of others is at risk,
• when the law requires us to pass on information under special circumstances,
• crime prevention or the detection of fraud as part of the National Fraud Initiative
• Anyone who receives information from us has a legal duty to keep it confidential
• We are required by law to report certain information to appropriate authorities – for example:
• where we encounter infectious diseases which may be a public health concern
• where the law is not upheld  

Partner organisations

Active Northumberland works with partner organisations, on occasion we may need to share information.

At no time will your information be passed to organisations external to us and our partners for marketing or sales purposes or for any commercial use without your prior express consent.

CCTV

We have CCTV systems installed in some of our premises which are accessed by members of the public. These are for the purposes of public and staff safety and crime detection and prevention. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information about the scheme. We will only disclose CCTV images to others, where required by law or to help prevent crime etc. CCTV images will not be released to the media for entertainment purposes or placed on the internet. Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. However, the images may be withheld if the images also identify a third party.

Using our website

Our website http://www.activenorthumberland.org.uk does not store or capture personal information
when you access it as a visitor. Our systems will only capture and record personal information if you;

• subscribe to our newsletter using your email address,
• sign up as a member,
• book a class,
• contact us and leave your details for us to respond.

Please note that any forms on our website that capture personal information are secure and data will
only be used for the purposes stated when the information is collected.

Cookies 

Our website uses cookie technology for analytical purposes, and to personalise the user experience of the site, e.g, which local area you selected. A cookie is a string of information that is sent by a website
and stored on your hard drive or temporarily in your device’s memory. This helps us to provide you with a good service when you browse our website and also allows us to improve our site. No personal
information is collected this way. Please note that this notice only covers the Active Northumberland website maintained by us, and does not cover other websites linked from our site.

How will my information be protected?

Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it.

We adopt their Information Governance Framework which includes policies on Data Protection, Information Security, Freedom of Information and Environmental Information.

These define our commitments and responsibilities to your privacy and cover a range of information and technology security areas. The framework and all policies are available here. We provide mandatory annual training to all staff. We treat it as a disciplinary matter if staff misuse or do not look after your personal information properly.

How long for?

Your details will be in line with the Active Northumberland retention periods. Processing is kept to a minimum and will only be processed in accordance with the law.


Information will only be shared with third parties if they have genuine and lawful need for it. 
When special category data is shared, for example health data including G.P Referrals, we will gain explicit consent to do so. 

Can I see my records?

The General Data Protection Regulation allows you to find out what information is held about you, on paper and computer records. This is known as ‘right of subject access’ and applies to your membership records along with all other personal records.

If you wish to see a copy of your records you should submit a Subject Access Request which is available here or by contacting the Information Governance Office directly. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person. 

Do I have Other Rights?

Data Protection laws gives you the right:

• To be informed why, where and how we use your information. 
• To ask for access to your information
• To ask for information to be corrected if inaccurate or incomplete. 
• To ask for your information to be deleted or removed where there is no need for us to continue processing it. 
• To ask us to restrict the use of your information. 
• To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information. 
• To object to how your information is used. 
• To challenge any decisions made without human intervention (automated decision making). 
• To lodge a complaint with the Information Commissioner’s Office whose contact details are below.

If our processing is based upon your consent, to withdraw your consent.

 

Further information

If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this leaflet, please tell us. Please contact Joanne Farrier on jfarrier@activenorthumberland.org.uk
Data Protection Officer: business_support@activenorthumberland.org.uk

You also have the right to complain to the Information Commissioner’s Office if you are unhappy with the way we process your data. Details can be found on the ICO website, or you may write to the ICO at the following address: 
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Email: casework@ico.org.uk

Personal information retained by, or submitted to, Active Northumberland is governed and protected by the General Data Protection Regulation 2018 (GDPR).

This means only necessary information will be kept accurately, safely and securely. Active Northumberland is registered on the public register of data controllers, with the registration number ZA622628. 

You have certain rights in relation to your personal data which includes, but not limited to, requesting access to whether we are using or storing your data (subject access request) and to request your data is removed (right to be forgotten).

Subject Access Request

In line with the General Data Protection Regulation (GDPR) you have the right to see what information an organisation holds about you such as:

• to be given a description of the data;
• to be told for what purposes the data are processed and
• to be told the recipients or the classes of recipients to whom the data may have been disclosed.

You are also entitled;

• to be given a copy of the information with any unintelligible terms explained;
• to be given any information available to the controller about the source of the data;

How do I make a request to Active Northumberland?

1. If you are making a request to Active Northumberland, you should use the ‘Subject Access Request Form’. You will find it enclosed in this pack.

2. You should provide two original official forms of identification, 1 photographic and one to show your current address (this should be dated within the last 2 months). In cases where sensitive personal data is involved, you may be required to provide further identification. Examples of identification are your passport or driving licence and a recent utility bill or council tax letter.

3. If a representative is making a request on your behalf then you will also need to complete appendix 1 or 2 of the Subject Access Request Form. We will not respond to third party requests unless this form is completed. In order to ensure confidentiality we reserve the right to make further enquiries to check the authorisation given.

4. Alternatively, the completed form and documents can be placed in a sealed envelope marked for the attention of the Information Governance Office. This can be handed in at our Customer Information Centres who will then forward the sealed envelope to the Information Governance Office for processing.

Can a third party make a subject access request on my behalf?

Yes, but only with your written authorisation. There is no reason why an individual cannot make a request through a representative; however, it is the representative’s responsibility to provide satisfactory evidence that he/she has the authority to make a request on behalf of the individual.

How long does a subject access request take?

Within 40 calendar days from receipt of the request or, the necessary information to confirm your identity and to locate the data and consents where appropriate.